[Samba] Samba over ssh ?

jonlists jonlists at cbsol.com
Fri Apr 1 06:19:27 GMT 2005 

[snip other stuff]

> Thanks for your suggestion. I have installed openvpn and the lzo library 
on 
> which it depends. 
> 
> One nagging question that I still have is :
> 
> Does using openvpn (or any VPN solution in general) obviate the need to 
open 
> these vulnerable ports ? The little documentation that I have read so 
far 
> talk a lot about encryption. While that is important, I also need to 
think 
> about the ports (strangely, the firewall does not open any of those 
ports but 
> nmap -P0 run on the machine reveals that these ports are open :
> 
> 139/tcp   open  netbios-ssn
> 445/tcp   open  microsoft-ds )
> 
> Anyways, another concern I have is that while I have the samba server up 
and 
> running and all my users are happy with it, how much disruption and user 

> effort can I expect when I implement openvpn ? Like typical windows 
users, 
> they value ease of use over security. Don't take me wrong, I will 
definitely 
> implement this if it contributes towards security, but I need to know 
this to 
> be able to tell my users what to expect.
> -- 
> To unsubscribe from this list go to the following URL and read the
> instructions:  https://lists.samba.org/mailman/listinfo/samba

Maybe I'm missing something, but wouldn't you want to place the VPN 
connections between your firewall and the mobile/end user, but not on the 
Samba server? I am assuming that you're not talking about the firewall on 
your server itself, but your firewall on the Internet/public connection. 

Those ports are particularly nasty because of the Windows operating system 
on which they typically run, not because of problems on linux. There's 
always the possibility of DOS attacks, or of some buffer overrun exploit 
being discovered, but I believe the chances of those happening are far 
less than your users being angry because you've tightened security to the 
point it's difficult to use the network. 

Jon Johnston
Creative Business Solutions
IBM, Microsoft, Novell/Suse, Sophos Consultants
http://www.cbsol.com
blog:http://bingo.cbsol.com

More information about the samba mailing list